Tag: Hash

Researcher finds LastPass 2FA could become 1FA

Not only was LastPass using a password hash in its two-factor authentication scheme, but 2FA could be disabled by an attacker, a security researcher has found.

Unraveling the Lamberts Toolkit

The Lamberts is a family of sophisticated attack tools that has been used by one or multiple threat actors against high-profile victims since at least 2008.

The arsenal includes network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers.

Mozilla project keeps compromised apps out of circulation

Mozilla has long used its Firefox browser as a staging platform for other innovations. One of the first real-world applications for its fast-and-safe systems language Rust, for instance, is rewriting some of Firefox's innards.

Now comes a project called Binary Transparency, an effort to ensure that every Firefox binary produced by Mozilla is the same one that everyone else has received and hasn't potentially been tampered with.

At first this sounds like a glorified version of using hash signatures or checksums, which most every organization that supplies binaries of its apps does. But Mozilla has a more ambitious plan: To make it difficult for anyone to distribute compromised copies of an application, even if they come from Mozilla.

Git sprints carefully towards SHA-1 deprecation

The sky still isn't falling. Following the February controversy over whether or not Google's SHA-1 collision broke Git, its community has taken the first small steps towards replacing the ancient hash function.…

Time’s up for SHA-1 hash algo, but one in five websites...

Google, Microsoft and Mozilla say they won't trust anyone who hasn't migrated. One in five websites (21 per cent) are still using certificates signed with the vulnerable SHA-1 hash algorithm, according to a new survey.…

Google’s ‘SHA-1 Countdown Clock’ Could Undermine Enterprise Security

In the wake of a recently documented 'collision' attack, Google researchers should release a patch for the cryptographic Secure Hash Algorithm 1 sooner rather than later. Here's why.

Don’t panic about SHA-1—fix it

Last week, Google unveiled proof that it had successfully created a collision attack against the SHA-1 hash algorithm, a security weakness long suspected to be exploitable with modern computing power. But what does that mean in practical terms? It depends on how you use SHA-1 and in what context.

The answers to those questions provide some idea of where to start moving away from SHA-1 first.

Git-r-fixed: Distributed source control system Git has been implicated as a possible victim of SHA-1 attacks. “If an attacker managed to create a SHA-1 collision for a source file object (git blob),” wrote Red Hat engineer Colin Walters, “it would affect all revisions and checkouts—invalidating the security of all GPG signed tags whose commits point to that object.”

Researchers Crack the Secure Hash Algorithm-1 Cryptographic Function

Security researchers announced the first practical collision attack against the Secure Hash Algorithm-1 cryptographic function.

Researchers from Google, CTI Break SHA-1 Hash Encryption Function

Google's vast cloud computing infrastructure was harnessed to demonstrate that it is possible to crack the Secure Hash Algorithm-1 cryptographic function through brute force computational methods.

Google kills SHA-1 with successful collision attack

It's official: The SHA-1 cryptographic algorithm has been "SHAttered." Google successfully broke SHA-1. Now what?

After years of warning that advances in modern computing meant a successful collision attack against SHA-1 was imminent, a team of researchers from Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands has developed the first successful SHA-1 collision. In practical terms, SHA-1 should not be relied upon for practical security.

Modern cryptographic hash functions depend on the fact that the algorithm generates a different cryptographic hash for every file.

A hash collision refers to having two separate files with the same hash.

The fact that cryptographic weaknesses in SHA-1 make certificates using the SHA-1 algorithm potentially vulnerable to collision attacks is well-known.

The National Institute of Standards and Technology deprecated SHA-1 more than five years ago, and experts have been long urging organizations to switch to stronger hash algorithms. Up until now, the only thing going for SHA-1 was the fact that collision attacks were still expensive and theoretical.

‘First ever’ SHA-1 hash collision calculated. All it took were five...

Tired old algo underpinning online security must die now. Google researchers and academics have today demonstrated it is possible – albeit with a lot of computing power – to produce two different documents that have the same SHA-1 hash signature.…

First Practical SHA-1 Collision Attack Arrives

Researchers unveiled the first-ever practical collision attack against the cryptographic hash function SHA-1.